From 436a980bd2762c19b5c0602caed2dbc5265deab4 Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Thu, 23 Jun 2022 04:02:16 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
atomics/Indexes/index.yaml | 30 ++++++++++++++++++++----------
atomics/T1083/T1083.md | 26 +++++++++++++++++---------
2 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index c749e684..2dfa6ec0 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -81847,20 +81847,30 @@ discovery: atomic_tests: - name: File and Directory Discovery (cmd.exe) auto_generated_guid: 0e36303b-6762-4500-b003-127743b80ba6 - description: | - Find or discover files on the file system. Upon execution, the file "download" will be placed in the temporary folder and contain the output of - all of the data discovery commands. + description: 'Find or discover files on the file system. Upon successful execution, + this test will output the results of all the data discovery commands to a + specified file. + + ' supported_platforms: - windows + input_arguments: + output_file: + description: File to output results to + type: String + default: "%temp%\\T1083Test1.txt" executor: command: | - dir /s c:\ >> %temp%\download - dir /s "c:\Documents and Settings" >> %temp%\download - dir /s "c:\Program Files\" >> %temp%\download - dir "%systemdrive%\Users\*.*" >> %temp%\download - dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download - dir "%userprofile%\Desktop\*.*" >> %temp%\download - tree /F >> %temp%\download + dir /s c:\ >> #{output_file} + dir /s "c:\Documents and Settings" >> #{output_file} + dir /s "c:\Program Files\" >> #{output_file} + dir "%systemdrive%\Users\*.*" >> #{output_file} + dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> #{output_file} + dir "%userprofile%\Desktop\*.*" >> #{output_file} + tree /F >> #{output_file} + cleanup_command: 'del #{output_file} + + ' name: command_prompt - name: File and Directory Discovery (PowerShell) auto_generated_guid: 2158908e-b7ef-4c21-8a83-3ce4dd05a924 diff --git a/atomics/T1083/T1083.md b/atomics/T1083/T1083.md index bbf19402..bb5cab1f 100644 --- a/atomics/T1083/T1083.md +++ b/atomics/T1083/T1083.md @@ -20,8 +20,7 @@ Many command shell utilities can be used to obtain this information. Examples in
## Atomic Test #1 - File and Directory Discovery (cmd.exe) -Find or discover files on the file system. Upon execution, the file "download" will be placed in the temporary folder and contain the output of -all of the data discovery commands. +Find or discover files on the file system. Upon successful execution, this test will output the results of all the data discovery commands to a specified file. **Supported Platforms:** Windows @@ -32,20 +31,29 @@ all of the data discovery commands. +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| output_file | File to output results to | String | %temp%\T1083Test1.txt| + #### Attack Commands: Run with `command_prompt`! ```cmd -dir /s c:\ >> %temp%\download -dir /s "c:\Documents and Settings" >> %temp%\download -dir /s "c:\Program Files\" >> %temp%\download -dir "%systemdrive%\Users\*.*" >> %temp%\download -dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download -dir "%userprofile%\Desktop\*.*" >> %temp%\download -tree /F >> %temp%\download +dir /s c:\ >> #{output_file} +dir /s "c:\Documents and Settings" >> #{output_file} +dir /s "c:\Program Files\" >> #{output_file} +dir "%systemdrive%\Users\*.*" >> #{output_file} +dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> #{output_file} +dir "%userprofile%\Desktop\*.*" >> #{output_file} +tree /F >> #{output_file} ``` +#### Cleanup Commands: +```cmd +del #{output_file} +```